Firefox 56.0 released

It’s a major new version number, but there’s not much to get excited about in Firefox 56.0, unless the ability to take screenshots in your browser was on your wish list.

Also new in Firefox 56.0 is the Send Tabs feature, which allows you to send web page links to your other devices. Right click on any web page and select Send Page To Device to try it. I suppose it’s easier than sending yourself email.

Starting with version 56.0, Firefox’s web form autofill feature can fill in address fields. I didn’t even know this was missing in previous versions. In any case, this feature is currently only available for users in the USA; it will be made available in other countries in the coming weeks.

Firefox’s preferences (Options) pages have been reorganized and cleaned up significantly. There’s now a search box on the Options page, which should make finding that elusive setting a bit easier. The explanatory text associated with many options has been improved for clarity. The privacy options and data collection choices have been reworked so they are better aligned with the updated Privacy Notice and data collection strategy.

Finally, media on background tabs will no longer play automatically; it will only start playing once the associated tab is selected.

The release notes for Firefox 56.0 have additional details.

Chrome 61.0.3163.100

There are exactly fifty-seven items in the change log for Chrome 61.0.3163.100. Some of those changes are version increments and other housekeeping; about forty are actual changes to functionality. Most of those changes are fixes for minor issues. Three of the fixes are for security issues.

If you’ve stopped trying to prevent Chrome from updating itself, it will no doubt proceed with this update automatically. But since the new version includes security fixes, it’s a good idea to make sure. Click the main menu button (three vertical dots at the top right of Chrome’s window), then Help > About Google Chrome.

Vivaldi 1.12: bug fixes and some useful improvements

In response to frequent requests from users, the folks who make Vivaldi have finally added an Image Properties feature to the browser. Right-click an image on a web page and select ‘Image Properties’ to display a dialog showing the image’s URL, dimensions, binary size, and more.

Download management is somewhat easier in Vivaldi 1.12: the list of downloaded files can now be sorted by type, name, size, date added, date finished, and address. There’s a new panel at the bottom of the download sidebar that shows the details for a selected download.

Vivaldi’s Accent Color feature changes the browser’s colour scheme to match the web site currently being viewed. I personally find this kind of thing distracting, but there’s no accounting for taste. If you use this feature, you’ll be happy to know that Vivaldi now has a setting that determines the intensity of the accent color effect.

Vivaldi 1.12 includes fixes for about fifty bugs from earlier versions. None of the changes appear to be related to security. You can see all the details in the release announcement.

CCleaner malware incident

A recent version of the popular Windows cleanup tool CCleaner contains malware, apparently added by malicious persons who gained access to a server used by the software developer, Piriform.

The malware was found only in the 32-bit version of CCleaner 5.33.6162. No other versions were affected.

Piriform reacted quickly to the discovery, and yesterday released a new version: CCleaner 5.34.

If you have CCleaner installed on any Windows computers, you should make sure you’re running version 5.34, and if not, install it as soon as possible.

Update 2017Sep23: The server that was breached is actually managed by Avast, which purchased CCleaner software developer Piriform in July.

Ongoing analysis of the hack revealed that this may have been a state-sponsored attack, and that it specifically targeted high profile technology companies. Apparently the malware in the compromised version of CCleaner contained a second payload that was only installed on about twenty computers at eight tech companies.

Patch Tuesday for September 2017

This month’s updates from Microsoft include a patch for a nasty zero-day vulnerability in the .NET framework.

The announcement for this batch of updates is of course just a link to the Security Update Guide, where it’s up to the user to wade through piles of information and determine what’s relevant.

Here’s what I’ve been able to glean from my explorations: there are ninety-four updates, affecting Internet Explorer, Edge, Windows, Office, Adobe Flash Player, Skype, and the .NET Framework. A total of eighty-five vulnerabilities are addressed, twenty-nine of which are flagged as Critical.

As you may have guessed, this month we also have yet another new version of Flash. Microsoft included the new version in updates for Edge and Internet Explorer, and Chrome will get the new version via its internal auto-updater. Desktop Flash users should visit the main Flash page to get the new version. Flash 27.0.0.130 addresses two critical vulnerabilities in previous versions.

Chrome 61.0.3163.79 includes 22 security fixes

The change log for Chrome 61.0.3163.79 is another browser-challenging page, this one having over 10,000 entries. Google didn’t bother to highlight any of the changes, aside from the twenty-two security issues addressed in the new version.

Unless you’ve gone out of your way to disable the various auto-update mechanisms Google installs alongside its software, Chrome should update itself within a day or so of the new version becoming available. If not, you can usually trigger an update by visiting Chrome’s About page: click the three-dot menu button, then select Help > About Google Chrome.

Adobe Reader update fixes 67 vulnerabilities

AdobeAdobe normally releases patched versions of its main products on the second Tuesday of each month, to coincide with Microsoft’s update schedule. Occasionally they will depart from this schedule, as they have with the new versions of Reader/Acrobat announced on August 29.

The new versions of Reader and Acrobat address sixty-seven vulnerabilities, many of which were discovered by security researchers outside Adobe. All of the vulnerabilities involve either information disclosure or remote code execution.

Anyone who uses Adobe Reader or Acrobat is advised to install the new versions as soon as possible. You can do that by visiting the Acrobat Reader Download Center.